The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user (including simple subscribers) can add/set/delete arbitrary categories to posts.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/f8fdff8a-f158-46e8-94f1-f051a6c5608b | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/f8fdff8a-f158-46e8-94f1-f051a6c5608b | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/f8fdff8a-f158-46e8-94f1-f051a6c5608b - Exploit, Third Party Advisory |
30 Jul 2022, 12:30
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
10 Nov 2021, 13:33
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-08 18:15
Updated : 2024-11-21 05:53
NVD link : CVE-2021-24788
Mitre link : CVE-2021-24788
CVE.ORG link : CVE-2021-24788
JSON object : View
Products Affected
batch_cat_project
- batch_cat
CWE